Answered: Debian 9 (Stretch) VPN manager not setting DNS correctly

pfred

New Member
I installed the VPN manager under Debian 9 (Stretch) using the current version .deb. When connecting to a Perfect Privacy server DNS does not get set correctly. For example my default DNS is Google (8.8.8.8) and after connecting Check-DNS lists all the Google DNS servers.

I also installed the VPN manager under Ubuntu 16.04 using the current version .deb using the same procedure outlined below and when connecting to a Perfect Privacy server DNS does get set correctly (eg for Singapore singapore2.perfect-privacy.com).

Downloaded the current perfect-privacy-vpn.deb

sudo dpkg -i /Downloads/perfect-privacy-vpn.deb
sudo apt-get install -f

Anyone else with the problem?
 
Solution
This is probably because you are using Network Manager for setting DNS servers. This method is currently not supported in the Linux client (but will be with one of the next versions). As a workaround I would recommend entering OpenNIC (https://www.opennic.org/) DNS servers directly via Network Manager.
 
Solution
Network Manager for setting DNS servers [] is currently not supported in the Linux client (but will be with one of the next versions).

Approximately when will a version of VPN Manager that supports Network Manager be available? I won't be able to use PP until there is support for Debian 9 (NetworkManager).
 
Frankly, DNS resolver selection in mainstream Linux distributions is a mess. dhcp-client and Network Manager both try to manage resolv.conf with additional interference from resolvconf. And now there's systemd-resolved.

I'd recommend to disable systemd-resolved.service (if enabled), install a local resolver (apt-get install unbound), create resolv.conf to read only "nameserver 127.0.0.1" and make the file immutable (chattr +i /etc/resolv.conf). Finally, remove the resolvconf package, otherwise it might still try to configure the dhcp- and vpn-provided resolvers as forwarders in unbound.
 
No, it hasn't. I'm having the same issue, and this is the first useful post that I've found, thanks, OP. I don't mind setting up OpenNic right now, but this has apparently been an issue for quite some time, which PP doesn't seem to be very concerned with fixing. If there is still no update to this thread or an actual fix, then I guess I'll chalk this up to a crap trial run of PP and move on to another service.
 
Well, what would you like to see the VPN Manager do? As a Linux user, you're supposed to have more control over your system than a one-click-and-trust user. If DNS leaks are a concern, you have several ways to set up a solution to your liking; there's no one-size-fits-all.

Here's a way to avoid DNS leaks while also making use of PP's caching resolvers:

- apt-get install unbound
- configure NetworkManager to use 127.0.0.1 as resolver
- you'll need to install resolvconf too. The name changed to openresolv in newer distributions
- chmod a+x /etc/resolvconf/update.d/unbound (this seems to be a bug in the unbound package)

What happens is that without VPN connection, the system locally resolves all names, avoiding leaking DNS requests to your ISP or Google or OpenNic.
The VPN server pushes resolver addresses that unbound will use as forwarders as long as the VPN is connected.
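
A check for the setups described in the two posts above (local unbound, with resolv.conf pointing only at 127.0.0.1), as an added example that is not part of the original posts. The function names are made up for this sketch; it assumes a POSIX shell with awk, and uses lsattr only if it is available.

```shell
#!/bin/sh
# Added example: audit a resolv.conf for resolvers that bypass the local unbound.

# Print every nameserver address in the file that is not a loopback address.
non_local_resolvers() {
    awk '$1 == "nameserver" && $2 !~ /^(127\.|::1$)/ { print $2 }' "$1"
}

# Return 0 only if the file lists at least one nameserver and all are loopback.
check_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 2
    fi
    total=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$file")
    leaks=$(non_local_resolvers "$file")
    if [ "$total" -eq 0 ]; then
        echo "FAIL: $file has no nameserver line"
        return 1
    fi
    if [ -n "$leaks" ]; then
        echo "FAIL: $file sends queries past the local resolver to:"
        echo "$leaks" | sed 's/^/  /'
        return 1
    fi
    echo "OK: $file lists only loopback resolvers"
    # chattr +i keeps dhcp-client, NetworkManager or resolvconf from rewriting it.
    if lsattr -d "$file" 2>/dev/null | awk '{ print $1 }' | grep -q i; then
        echo "OK: $file is immutable"
    else
        echo "NOTE: $file is not immutable (or lsattr cannot read its flags)"
    fi
    return 0
}

# Run against a file given on the command line, e.g. ./check.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then
    check_resolv_conf "$1"
fi
```

Run it once before connecting and once while the VPN is up; a FAIL in either state means some process has rewritten the resolver list.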
 
As a Linux user, you're supposed to have more control over your system than a one-click-and-trust user.

Well, not everyone is a propeller-head terminal command line commander. Ubuntu and Debian have gone to great lengths making Linux usable. There's nothing wrong with "one-click" and it just works - it's up to you the propeller-head to make that happen.

Just an FYI. PP's VPN Manager is still broken but Expressvpn VPN Manager works under both Debian 9 and Ubuntu 16.04 - they were able to make it work as it should.
 